phone-verification
Warn
Audited by Socket on Jul 2, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the skill’s phone-verification purpose is plausible, but its actual data flow sends phone numbers, OTP codes, and bearer credentials through Gooseworks’ proxy instead of directly to Didit. The same-org infrastructure lowers malware concern, but the proxy routing and raw credential-file access make the skill moderately risky and not fully aligned with its stated integration purpose.
Confidence: 86%Severity: 64%
Audit Metadata